Defense In Depth
Human-in-the-loop governance middleware preventing AI hallucination at the Git level.
Ask AI about Defense In Depth
Powered by Claude Β· Grounded in docs
I know everything about Defense In Depth. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
defense-in-depth
The governance middleware between AI agents and your codebase
AI handles artifacts and execution. Humans handle business logic and ground truth.
English Β· TiαΊΏng Viα»t
AI agents generate 10x code. They also produce a known set of artifact
failure modes β placeholders, hollow templates, governance-file pollution,
unstructured commits.
defense-in-depth catches those failure modes at commit time.
[!NOTE] defense-in-depth ships an opinionated scaffold, not a turnkey solution. The guard pipeline (9 built-in guards +
Guardinterface) is the core. The.agents/ecosystem (19 rules, COGNITIVE_TREE, skill templates) is a starting point: fork it, delete what doesn't fit, replace it with your own conventions.npx defense-in-depth initgives you the hooks;init --scaffoldgives you the optional governance kit on top.
[!IMPORTANT] Client-side hooks are bypassable.
git commit --no-verifydefeats any Git hook. For real HITL/governance, pair the local hooks with the CI/CD GitHub Action (runs the same guard pipeline on PR diffs) and branch-protection rules on your default branch. The local hooks are the fast feedback loop; the CI pipeline is the enforcement loop.
[!NOTE] Current status (
v1.0.0-rc.1, April 2026) β release candidate, not yet promoted tonpm latest.Shipped: 9 built-in guards (v0.1βv0.6), Memory layer (v0.4), DSPy semantic eval opt-in (v0.5), Federation guards (v0.6), Test/Op hardening (v0.6.2), Path A memory loop MVP + Progressive Discovery hints (v0.7-rc.1), API stabilisation pass (subpath exports, contract tests, typed errors, options-object engine, Guard lifecycle hooks).
In flight (Track A β Adoption): A1 docs reconcile β (#40, #52, #53) Β· A2 guard breadth bump β (#41) Β· A3 v1.0 release lifecycle β (P0 done, P1 #38/#39 remaining) Β· A4 30-day adoption push π. All tracked under umbrella issue #42.
Designed but gated (Track B β Meta Growth, v1.1.x): F1 aggregator, Γn Lα» injection contract, dedup, forgetting, quality gate. Hard-gated behind Track A4 exit (β₯10 external users + β₯100 captured events) per
docs/vision/meta-growth-roadmap.md.Right next read β Quick start:
docs/quickstart.md. Stability contract:docs/SEMVER.mdΒ·docs/migration/v0-to-v1.md. Roadmap & gating:docs/vision/meta-growth-roadmap.md. Strategic direction:STRATEGY.md. Vision (4 layers + types ledger):docs/vision/meta-architecture.md.
[!WARNING] π€ IF YOU ARE AN AI AGENT READING THIS: Do NOT read this entire file. It is written for human architects and developers. To preserve your context window, follow this bootstrap chain:
AGENTS.mdβ Project Identity & Immutable Laws.agents/AGENTS.mdβ Ecosystem Map & Onboarding Flowchart.agents/rules/rule-consistency.mdβ Coding Standards
Philosophy: Human-in-the-Loop (HITL)
For the complete philosophical foundation β the three cognitive branches, the DO/DON'T mandates, and the growth flywheel β see COGNITIVE_TREE.md.
"Trust but Verify: Autonomous execution demands empirical proof."
The Core Belief
AI coding agents (Cursor, Copilot, Claude Code, Windsurf, Codex) are powerful tools for artifact collection and execution planning. But they cannot replace what makes software engineering hard:
| AI Agents Excel At | Humans Excel At |
|---|---|
| π Collecting and organizing artifacts | π§ Business logic decisions |
| β‘ Generating code rapidly | π― Ground truth validation |
| π Repetitive mechanical checks | ποΈ Architecture direction |
| π Following execution plans | π‘ Domain expertise & judgment |
| π Scanning for patterns | π€ Stakeholder communication |
defense-in-depth is the middleware layer that:
- Reduces AI hallucination β catches hollow artifacts, bypass attempts
- Increases accuracy β enforces evidence-tagged verification
- Optimizes automation β handles mechanical checks so humans don't have to
- Preserves human authority β HITL remains the supreme rule
The Supreme Rule
Human-in-the-Loop is non-negotiable.
defense-in-depth automates the mechanical parts of code review (format, structure, hygiene). It frees humans to focus on the semantic parts (is this the right solution? does it serve the business?).
The system never replaces human judgment. It reduces the noise so human judgment can be sharper.
Why Git-Level? (Deterministic vs. Dynamic Guardrails)
The AI safety ecosystem is rich with runtime guardrails β tools like Guardrails AI, NeMo Guardrails, LlamaFirewall, and Microsoft Agent Governance Toolkit intercept agent behavior while the model is reasoning. These are powerful, but they are dynamic adjustments: every time a provider updates its model or a platform ships a new version, the guardrails must adapt.
defense-in-depth takes a fundamentally different approach:
We respect the full power of AI agents. Let them think freely, operate freely, create freely β each platform in its own way. We don't interfere with that process.
We only verify the output. When code is committed β the "exam is submitted" β it must meet standards.
This is deterministic governance: whether you use GitHub, GitLab, Bitbucket, or any Git-compatible system, defense-in-depth stands as a reliable layer before agent output reaches the data layer.
| Approach | Timing | Dependency | Adapts to model changes? |
|---|---|---|---|
| Runtime guardrails | During reasoning | Provider-specific | Must update |
| defense-in-depth | At commit time | Git-universal | No change needed |
Runtime guardrails protect while AI thinks. defense-in-depth protects when AI submits. Different layers, complementary roles.
ποΈ Architecture
flowchart TD
classDef agent fill:#e0e7ff,stroke:#6366f1,stroke-width:2px,color:#312e81,font-weight:bold;
classDef guard fill:#fee2e2,stroke:#ef4444,stroke-width:2px,color:#991b1b,font-weight:bold;
classDef human fill:#dcfce7,stroke:#16a34a,stroke-width:2px,color:#14532d,font-weight:bold;
A["π€ AI Agent<br/>writes code"]:::agent --> B["π¦ git commit"]
B --> C{"π‘οΈ defense-in-depth<br/>pre-commit hook"}:::guard
C -->|"β BLOCK"| D["Agent fixes<br/>before commit"]:::agent
C -->|"β οΈ WARN"| E["Flagged for<br/>human review"]
C -->|"β
PASS"| F["Clean commit"]
E --> G["π¨βπΌ Human reviews<br/>business logic"]:::human
F --> G
G -->|"Approved"| H["β
Merged to main"]:::human
π Table of Contents
- The Problem
- What It Does
- Quick Start
- Built-in Guards
- Configuration
- Writing Custom Guards
- CLI Commands
- Project Structure
- The .agents/ Ecosystem
- vs. Alternatives
- Roadmap
- Contributing
- For AI Agents: The Machine Gateway
1. The Problem
AI agents optimize for plausibility, not correctness. Without guardrails, they produce:
| Failure Mode | What Happens | Business Impact |
|---|---|---|
| π Hollow Artifacts | Files with incomplete markers, empty templates | Workflow gates pass with zero substance |
| π¦ SSoT Pollution | Governance/config files modified during feature work | State corruption, drift |
| π€‘ Cowboy Commits | Free-form commit messages, random branches | Unreadable, unauditable history |
| π Plan Bypass | Code before planning | Architecture drift, regressions |
These aren't occasional mishaps. They're systematic failure modes inherent to probabilistic text generation applied to deterministic engineering.
2. What It Does
defense-in-depth is a pluggable guard pipeline that runs as Git hooks:
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Git Pipeline β
β β
β Agent Code β [pre-commit] βββ [pre-push] β
β β β β
β defense-in-depth defense-in-depth β
β β β β
β ββββββ΄βββββ ββββββ΄βββββ β
β β Guards: β β Guards: β β
β β β’ hollowβ β β’ branchβ β
β β β’ ssot β β β’ commitβ β
β β β’ phase β βββββββββββ β
β βββββββββββ β
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
Properties:
- β Zero infrastructure β No servers, databases, or cloud services
- β Cross-platform β Windows, macOS, Linux (CI: 3 OS Γ 4 Node versions)
- β Agent-agnostic β Works with ANY AI coding tool
- β
Minimal dependencies β Only
yamlfor config parsing - β
Pluggable β Write custom guards via TypeScript
Guardinterface - β CLI-first β Drops into ANY project type (Node, Python, Rust, Go...)
3. Quick Start
# 1. Initialize inside your project (recommended)
npx defense-in-depth init
# What this does:
# β
Creates defense.config.yml in your project root
# β
Installs pre-commit and pre-push Git hooks
# β
Enables hollow-artifact and ssot-pollution guards
# 2. Verify the installation
npx defense-in-depth doctor
# 3. Manual scan (anytime)
npx defense-in-depth verify
Track release progress at Roadmap. Star the repo to get notified.
Optional: Scaffold Agent Governance
# Also create the .agents/ governance ecosystem (for AI-agent projects)
defense-in-depth init --scaffold
# This creates:
# .agents/AGENTS.md β Bootstrap protocol for AI agents
# .agents/rules/ β Immutable project rules
# .agents/workflows/ β Operational procedures
# .agents/skills/ β Agent capability templates
# .agents/config/ β Machine-readable configs
# .agents/contracts/ β Interface contracts
Server-side enforcement (recommended for HITL claims)
Local hooks are bypassable with git commit --no-verify. To make the same
guard pipeline run on every PR β beyond any agent's reach β use the
official Composite Action:
# .github/workflows/defense-in-depth.yml
name: defense-in-depth
on:
pull_request:
branches: [main]
jobs:
verify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: tamld/defense-in-depth/.github/actions/verify@v0.7.0-rc.1
# Optional inputs:
# with:
# defense-version: '0.7.0-rc.1'
# node-version: '22'
# base-ref: 'origin/main'
Combine this with branch-protection rules on main that require the
verify check to pass. That's where HITL gets teeth.
4. Built-in Guards
| Guard | Default | Severity | Hook | What It Catches |
|---|---|---|---|---|
| Hollow Artifact | β ON | BLOCK | pre-commit | Files with only incomplete markers or empty templates |
| SSoT Pollution | β ON | BLOCK | pre-commit | Governance / state files (.agents/**, flow_state.yml, backlog.yml) modified in feature branches |
| Root Pollution | β ON | BLOCK | pre-commit | Unapproved files or folders created in the project root |
| Commit Format | β ON | WARN | commit-msg | Non-conventional commit messages |
| Ticket Identity | β OFF | WARN | pre-commit | Commit references a conflicting ticket (TKID Lite, v0.3) |
| Branch Naming | β OFF | WARN | pre-push | Branch names not matching feat|fix|chore|docs/* |
| Phase Gate | β OFF | BLOCK | pre-commit | Code committed without an implementation_plan.md plan file |
| HITL Review | β OFF | BLOCK | pre-commit | Enforces human-in-the-loop review markers on protected paths (v0.6) |
| Federation | β OFF | BLOCK | pre-commit | Parent β child ticket-state validation across federated repos (v0.6, configurable block/warn) |
Note on DSPy: The Hollow Artifact guard can use DSPy as an optional semantic layer (opt-in via
guards.hollowArtifact.useDspy: true). When enabled, DSPy acts as an additive signal only (WARN-only) and degrades gracefully β Tier 0 deterministic checks always hold.
Severity Levels
| Level | Emoji | Effect |
|---|---|---|
| PASS | π’ | No issues found |
| WARN | β οΈ | Issues flagged, commit allowed |
| BLOCK | π΄ | Commit rejected, must fix first |
5. Configuration
After defense-in-depth init, edit defense.config.yml:
version: "1.0"
guards:
hollowArtifact:
enabled: true
extensions: [".md", ".json", ".yml", ".yaml"]
minContentLength: 50
ssotPollution:
enabled: true
protectedPaths:
- ".agents/"
- "records/"
commitFormat:
enabled: true
pattern: "^(feat|fix|chore|docs|refactor|test|style|perf|ci)(\\(.+\\))?:\\s.+"
branchNaming:
enabled: false
pattern: "^(feat|fix|chore|docs)/[a-z0-9-]+$"
phaseGate:
enabled: false
planFiles: ["implementation_plan.md", "design_spec.md"]
6. Writing Custom Guards
Implement the Guard interface:
import type { Guard, GuardContext, GuardResult } from "defense-in-depth";
import { Severity } from "defense-in-depth";
export const fileSizeGuard: Guard = {
id: "file-size",
name: "File Size Guard",
description: "Prevents files larger than 500 lines",
async check(ctx: GuardContext): Promise<GuardResult> {
const findings = [];
for (const file of ctx.stagedFiles) {
// ... check file size
}
return { guardId: "file-size", passed: findings.length === 0, findings, durationMs: 0 };
},
};
See
docs/agents/guard-interface.mdfor the full contract anddocs/dev-guide/architecture.mdfor the engine internals.
Ticket Federation Providers
To integrate context cleanly from third-party ecosystems (Jira, Linear, your own local TICKET.md), defense-in-depth relies on TicketStateProviders. Providers inject metadata asynchronously before guards run purely.
export interface TicketStateProvider {
name: string;
resolve(ticketId: string): Promise<TicketRef | undefined>;
}
Built-in providers:
FileTicketProvider,HttpTicketProvider. Seedocs/dev-guide/writing-providers.mdanddocs/agents/provider-interface.mdfor the full contract.
7. CLI Commands
| Command | Description |
|---|---|
defense-in-depth init | Install hooks + create config |
defense-in-depth init --scaffold | Also create .agents/ ecosystem |
defense-in-depth verify | Run all guards manually against staged files |
defense-in-depth verify --files a.md b.ts | Check specific files |
defense-in-depth verify --dry-run-dspy | Force-disable DSPy for this run (regression check) |
defense-in-depth doctor | Health check (config, hooks, guards, hints state) |
defense-in-depth doctor --hints | Show all eligible Progressive Discovery hints |
defense-in-depth doctor --hints dismiss <id> / --hints reset | Dismiss or wipe hint state |
defense-in-depth lesson record / search / outcome / scan-outcomes | Manage Γn Lα» memory (v0.4) + recall outcomes (v0.7) in lessons.jsonl and .agents/records/lesson-*.jsonl |
defense-in-depth growth record | Record a growth metric to growth_metrics.jsonl |
defense-in-depth feedback <tp|fp|fn|tn> / list / f1 / scan-history | Label guard findings + compute per-guard F1 (v0.7) |
defense-in-depth eval <path> | DSPy semantic evaluation of an artifact (v0.5, opt-in) |
Exit codes (stable, part of the public surface per
docs/SEMVER.md):0= pass,1= BLOCK,2= config error. WARN does not change the exit code. DSPy/provider failures degrade to WARN, never crash.
8. Project Structure
defense-in-depth/
βββ src/
β βββ core/ # π Mandatory pillars
β β βββ types.ts # Guard + meta-layer interfaces (4 layers)
β β βββ engine.ts # Pipeline runner (options-object API)
β β βββ config-loader.ts # YAML config with deep merge defaults
β β βββ errors.ts # Typed DiDError hierarchy (v1.0 API freeze)
β β βββ jsonl-store.ts # Shared append-only JSONL writer + runtime validation
β β βββ memory.ts # lessons.jsonl read/write + recall events
β β βββ lesson-outcome.ts # LessonOutcome capture + scanner (v0.7)
β β βββ feedback.ts # FeedbackEvent writer (v0.7)
β β βββ f1.ts # Per-guard F1 computation (v0.7)
β β βββ hint-engine.ts # Progressive Discovery hint evaluator (v0.7)
β β βββ hint-state.ts # Atomic JSON state for hints-shown
β β βββ dspy-client.ts # Optional DSPy HTTP client (v0.5)
β βββ guards/ # π‘οΈ 9 built-in guards
β β βββ hollow-artifact.ts
β β βββ ssot-pollution.ts
β β βββ root-pollution.ts
β β βββ commit-format.ts
β β βββ branch-naming.ts
β β βββ phase-gate.ts
β β βββ ticket-identity.ts # v0.3 β TKID Lite
β β βββ hitl-review.ts # v0.6 β HITL marker enforcement
β β βββ federation.ts # v0.6 β Parent β child ticket validation
β β βββ index.ts # Barrel export + allBuiltinGuards
β βββ federation/ # π Cross-project ticket providers (v0.6)
β β βββ file-provider.ts
β β βββ http-provider.ts
β β βββ types.ts
β β βββ index.ts
β βββ hooks/ # πͺ Git hook generators
β β βββ pre-commit.ts
β β βββ pre-push.ts
β βββ cli/ # β¨οΈ CLI commands
β β βββ index.ts # Entry + router
β β βββ init.ts # Install hooks + scaffold config
β β βββ verify.ts # Run guards manually
β β βββ doctor.ts # Health check + hint surface
β β βββ lesson.ts # Memory layer (record / search / outcome)
β β βββ growth.ts # Growth metrics
β β βββ feedback.ts # F1 input pipeline (v0.7)
β β βββ eval.ts # DSPy semantic evaluation (v0.5, opt-in)
β β βββ hints-emit.ts # Internal hint emission helper
β βββ index.ts # Public API barrel (see docs/SEMVER.md)
βββ tests/
β βββ contract/ # Public-API + CLI exit-code contract tests (#35)
β β βββ public-api-contract.test.js
β β βββ cli-exit-codes.test.js
β β βββ no-execsync-regression.test.js
β βββ β¦ # Per-guard / per-CLI suites (366+ green)
βββ .agents/ # π§ Governance ecosystem
β βββ AGENTS.md # Bootstrap + ecosystem map
β βββ rules/ # Immutable project rules
β βββ workflows/ # Operational procedures
β βββ skills/ # Agent capability templates
β βββ contracts/ # Interface contracts (Guard, Provider, Julesβ¦)
β βββ config/ # Machine-readable configs
β βββ philosophy/ # Cognitive mindset roots (COGNITIVE_TREE)
β βββ records/ # Append-only telemetry (.jsonl)
βββ docs/ # π Full documentation
β βββ quickstart.md # 60-second onboarding
β βββ SEMVER.md # Stability contract (v1.0 lane)
β βββ migration/v0-to-v1.md # Upgrade guide for npm `latest = 0.1.0` users
β βββ user-guide/ # Configuration, CLI, hints
β βββ dev-guide/ # Architecture, writing guards/providers
β βββ agents/ # Machine-readable interface specs
β βββ federation.md # AAOS β defense-in-depth protocol
β βββ vision/ # meta-architecture, meta-growth-roadmap
βββ .github/ # π CI/CD + templates
β βββ workflows/ # ci.yml, release.yml, git-shield.yml
β βββ actions/verify/ # Server-side composite action
β βββ ISSUE_TEMPLATE/
β βββ PULL_REQUEST_TEMPLATE.md
βββ templates/ # π Shipped scaffolding templates
βββ AGENTS.md # π€ Root: project identity + laws
βββ GEMINI.md / CLAUDE.md / .cursorrules # π§ Prebuilt agent configs
βββ STRATEGY.md # πΊοΈ Strategic direction + roadmap
βββ CONTRIBUTING.md # π₯ How to contribute
βββ CODE_OF_CONDUCT.md # π€ Community standards
βββ SECURITY.md # π Threat model + vulnerability reporting
βββ CHANGELOG.md # π Version history
βββ LICENSE # βοΈ MIT
9. The .agents/ Ecosystem
For agentic projects (projects where AI agents contribute code), defense-in-depth offers an optional governance scaffold:
| Component | Required? | Purpose |
|---|---|---|
| Rules | β Core | Non-negotiable project standards |
| Contracts/Templates | β Core | Guard interface spec (human + machine) |
| Config | β Core | Machine-readable guard registry |
| Workflows | Optional | Step-by-step procedures for tasks |
| Skills | Optional | Custom agent capabilities |
All files follow YAML frontmatter + Markdown body for universal agent compatibility.
10. vs. Alternatives
vs. Runtime AI Guardrails
The AI safety ecosystem includes powerful tools that operate at the runtime/API layer:
| Tool | Focus | Layer |
|---|---|---|
| Guardrails AI / NeMo Guardrails | LLM input/output validation | Runtime API |
| Microsoft Agent Governance Toolkit | Enterprise policy engine | Runtime actions |
| LlamaFirewall (Meta) | Prompt injection, code injection defense | Runtime security |
| LLM Guard (Protect AI) | Input/output sanitization | Runtime API |
These tools govern AI while it reasons. defense-in-depth governs AI when it commits code. They are complementary layers β not competitors.
vs. Traditional Git Hooks
| Feature | husky + lint-staged | commitlint | π‘οΈ defense-in-depth |
|---|---|---|---|
| Git hooks | β | β | β |
| Commit format | β | β | β Built-in |
| Semantic content checking | β | β | β |
| SSoT protection | β | β | β |
| Phase gates (plan-before-code) | β | β | β |
| Pluggable guard system | β | β | β |
| Agent governance ecosystem | β | β | β |
| Evidence tagging | β | β | β |
| Target audience | Human devs | Human devs | AI agents + humans |
Runtime guardrails protect while AI thinks. defense-in-depth protects when AI submits. Different layers, complementary roles.
11. Roadmap
| Version | Focus | Key Types | Status |
|---|---|---|---|
| v0.1 | Core guards + CLI + OSS + CI/CD + prebuilt configs | Guard, Severity, Finding | β Done |
| v0.2 | .agents/ scaffold + 19 rules + 5 skills + lazy loading | GuardContext, config schema | β Done |
| v0.3 | TKID Lite (file-based tickets) + trust-but-verify | TicketRef | β Done |
| v0.4 | Memory Layer (lessons.jsonl) + growth metrics | Lesson, GrowthMetric | β Done |
| v0.5 | Optional DSPy semantic layer (opt-in, graceful degradation) + semantic quality evaluation | EvaluationScore | β Done |
| v0.6 | Federation: parent β child governance guards + HitlReview | FederationGuardConfig, HttpTicketProvider, HitlReviewConfig | β Done |
| v0.6.2 | Test & Operational Hardening (Coverage gates, End-to-End tests, server-side composite Action) | β | β Done |
| v0.7-rc.1 | Path A memory loop MVP + Progressive Discovery hints | Hint, HintState, LessonOutcome, RecallMetric, RecallEvent, FeedbackEvent, GuardF1Metric | β Tagged 2026-04-27 (PRs #27, #28, #31) |
| Track A1 β docs reconcile (v0.7 status across README + STRATEGY + meta-architecture + ecosystem map) | Release engineering | β | β Done (#40, #52, #53) |
Track A2 β guard breadth bump (secret-detection, dependency-audit, file-size-limit) | New guards | New per-guard configs | β
Done (#41, git-shield.yml CI fail-safe landed in #46) |
| Track A3 β API freeze for v1.0 (subpath exports, contract tests, typed errors, options-object engine, Guard lifecycle hooks, JSON Schema config, custom-guard guide) | API surface | EngineRunOptions, DiDError hierarchy | β Done (#33, #34, #35, #36, #37, #43, #44, #49, #50, #59) |
Track A4 β 30-day bake on next β npm latest promo + adoption push | Release lifecycle | β | π Pending Track A3 exit (umbrella #42) |
| v1.0 | Stable API + npm latest GA | All types frozen per docs/SEMVER.md | π Planned (Track A4 exit) |
| v1.1.x β Track B (Meta Growth) | F1 aggregator + Γn Lα» injection + dedup + forgetting + quality gate. Hard-gated on Track A4 exit (β₯10 external users + β₯100 captured events). | MetaGrowthSnapshot | π Designed |
v1.2+ β Telemetry Sync (was βv0.9β in earlier drafts; renumbered post-v1.0 per docs/vision/meta-growth-roadmap.md) | Bidirectional Internal β OSS data flow | FederationPayload | π Designed |
All types across the roadmap (Layers 0β3 + Federation + Telemetry Sync) are ALREADY published in
src/core/types.tsβ compiled, documented, importable. Implementation follows incrementally per the gating contract indocs/vision/meta-growth-roadmap.md. Seedocs/vision/meta-architecture.mdfor the full vision and types ledger.
Stability contract β v1.0 lane
docs/SEMVER.mdβ what counts as Major / Minor / Patch on the four public surfaces (library entry point, Guard/Provider contracts,defense.config.yml, CLI), plus the deprecation timeline.docs/migration/v0-to-v1.mdβ upgrade guide for anyone onnpm install defense-in-depthwithout a version pin (currentlylatest = v0.1.0). Covers every feature shipped in v0.2 β v0.7-rc.1 and the recommended upgrade steps.
12. Contributing
See CONTRIBUTING.md for the full guide.
5 Absolute Rules:
- TypeScript strict β no
any - Conventional commits β
feat(guards): add new guard - One guard = one file = one test
- No external dependencies (stdlib +
yamlonly) - Guards must be pure (no side effects)
13. For AI Agents: The Machine Gateway
You are entering a governed codebase with prebuilt cognitive frameworks.
π§ Prebuilt Agent Configs (Meta Prompting Materialized)
| Platform | Config File | What It Provides |
|---|---|---|
| Gemini CLI | GEMINI.md | Bootstrap chain, cognitive framework, platform tips |
| Claude Code / Antigravity | CLAUDE.md | Bootstrap chain, memory priming, AAOS lineage context |
| Cursor | .cursorrules | Comment-based rules matching Cursor convention |
These files are ready-to-use. Drop into the project and the agent immediately has the governance context. No searching needed.
[!CAUTION] THE 3 ABSOLUTE LAWS
- Zero-Theater: DO NOT create hollow documentation. Incomplete markers, empty templates = instant BLOCK.
- Evidence Over Plausibility: Tag unverified claims as
[HYPO]. Only[CODE]and[RUNTIME]evidence passes peer review.- Bootstrap First: Follow the chain:
AGENTS.mdβ.agents/AGENTS.mdβ.agents/rules/rule-consistency.mdβ then start coding.
Lazy-Load Matrix:
| Mission | Load This |
|---|---|
| Understanding project | AGENTS.md (root) |
| Agent onboarding | .agents/AGENTS.md (bootstrap flowchart) |
| Adding a guard | .agents/contracts/guard-interface.md |
| Coding standards | .agents/rules/rule-consistency.md |
| Task workflow | .agents/workflows/procedure-task-execution.md |
| Vision & roadmap | docs/vision/meta-architecture.md |
| Federation protocol | docs/federation.md |
License
MIT Β© 2026 tamld